On the Jolicode.com blog, there's a tutorial they've posted showing how to "mix security and forms" in a Symfony application to show only certain form fields based on a user's roles.

In some applications, it could be required to disable some form fields depending on user’s roles.

In this article, we will see how to implement this feature thanks to a simple example: a blog engine.

For their example, they use a Symfony 4 application with the MakerBundle and create a basic blog with "article" entities and an "admin" entity for the user list. From there, the post includes the code needed to update the buildForm method in the ArticleType class to check the current user and be sure they have the "admin" role. To make this work, they also build out a SecurityExtension form extension class that performs the actual check. This is then hooked into the pre-submit event on the form to prevent other issues where an attacker might delete the "allowed" element and submit the data anyway. The post wraps up with an example of performing a similar check but hiding the field instead of just disabling it in the form.

With the recent release of Laravel 4, PHP developers have at their disposal one of the finest frameworks for application development. As with all new frameworks, it is always good to write some quick code to get a feel for the underlying architecture. The following post shows a simple authentication application using Laravel.

He walks you through the creation of the simple "users" table, the configuration the Auth class will need to connect and authenticate and the form for the login. He also shows the steps for the actual authentication process as well as the code for the routes to make it all work. Additionally, he shows how to restrict pages to only those with the "admin" level access via an auth filter. You can download the example code here.

Phil Sturgeon (an expert in all things related to the Fuel PHP framework) has written up a tutorial for NetTuts.com about creating a basic admin panel for your application based on the framework. This is the second part of a series looking at Fuel, building on the topics from the first.

In the first part of this series, we took a look at the basics of the FuelPHP framework. In this second-part, we'll be stepping it up a gear and move onto some more advanced topics! We'll be creating an admin panel for our application, cover the common uses of the ORM and use the Authentication package to restrict access.

He walks you through setting up Oil (the command-line tool that comes bundled with Fuel) and using it to create a new application. There are a few configuration steps to connect to a database and set up a few access groups (like "Banned", "Guests" and "Administrators"). Oil is used again to create users in the database and to auto-generate a lot of the controller/view code you'll need for the admin tool. He then gets into the more technical parts - updating the current code to be able to do things like using the ORM to fetch database results and being able to add comments to posts.

In another in his framework series, Jason Gilmore has a new post on PHPBuilder.com about another popular framework - the Yii framework. He introduces you to the framework and shows the creation of a sample, basic site.

Frameworks have been the topic du jour here at PHPBuilder.com, with numerous recent articles covering DooPHP and Fat-free. In this latest stop on the framework tour, we'll check out Yii, a relatively new framework (less than three years old) that boasts an impressive array of features and an equally impressive array of users, among them the enormously popular Stay.com.

He walks you through the install (downloading the latest version) and shows how to use the command-line tool to automatically generate the basic website structure. He continues on showing how to update the main page and template, how to get it connected to a MySQL database and how to use the Gii tool to create basic admin forms for working with the tables.

From the Otto on WordPress blog there's a recent post (made more useful by the release of WordPress 3) about how to use the multi-site abilities of this latest version to create multiple sites with their own domain names attached to each.

The other day, Klint Finley wrote a very good walkthrough of using the new Multisite functionality of WordPress 3.0. In the comments, a lot of people wanted to know how to use your own Top-Level-Domains. Since I’m doing that now, here’s a quick walkthrough/how-to guide.

He uses the WordPress MU Domain Mapping plugin to get the job done and, via screenshots and a little bit of code, shows you how to use the admin panel to easily set up the domains and the sites they should resolve to.

Simon Jones has put together a new post for the Zend Framework users out there wanting to add sub-modules to their application.

I quite frequently find myself wanting some form of sub-modules, usually in admin systems where one “admin” module just doesn’t cut it for larger sites. Without modules we’re stuck with an AdminController.php which obviously gets very messy, very quickly. With modules, we can have an “admin” module with as many controllers as we wish. This is fine, until a site needs to manage lots of discrete elements.

His solution was a bit of a "hijack" of the bootstrap resource for the "admin" requests that would allow him to dynamically add modules thanks to some simple mapping. You can download his example here.

SitePoint.com has started a new series of posts today looking at how to make WordPress easier for clients to use and be happier with overall. Craig Buckler looks at things that can help your clients think simpler and easier.

In this series of articles we'll implement several options to make WordPress easier for your clients. You can probably find plugins to achieve the same thing, but this code is easy, flexible, and won't need to be updated (unless you want to make updates yourself).

He talks about how to manually do two things to make the clients' lives simpler - change the logo to something more company-related and remove the update notification from the admin panel so they don't get confused as to what the update means.

Ian Christian has an informative new post for the Symfony developers out there. He's figured out a way to handle uploaded files with Symfony's admin generator relatively easily, changing the filename option.

When a file is uploaded using sfForm in the admin generator, by default the filename that's used is a random string, which can look bad in URLs. If you want to change this, it's not immediately obvious how - but it is incredibly simple.

The Symfony project does have some documentation on the topic, but it's not the easiest to read. It basically boils down to defining a function in your extended class, based on the name of the file, where you can change the name however you'd like. Code snippets are included to make the point a bit more clear.

A fun bit of trivia for the Joomla users out there from Brian Teeman's blog today - why the default user ID is 62 and how it could affect your site's security.

Andrew attempted to give the most complete answer but the truth is the answer is lost in the dim and distant past. There is nothing you can do about it. On every install a superadmin user is created with username "admin" and userid "62".

Since this is a common "feature" of the older Joomla installs, it could potentially be used in a sort of attack on the site. Fortunately, as of the Joomla 1.6 release, the installation allows you to select a username of your own (while still suggesting "admin") with a new change to the user's ID - 42 instead of 61.

In his recent blog entry, Oren Solomianik takes a look at using the zdbform software (a web-based, simple database administration tool) he's put together using the Zend Framework.

If you're looking for a simple tool that uses Zend Framework's robust database classes (such as Zend_Db and Zend_Db_Table), you can check out zdbform. It's a short yet effective library that lets you perform simple administration tasks on your database, with minimal coding. It's not a full blown phpMyAdmin, but it's a simple way to view, edit and add your tables rows on a web interface.

He shows how you can use it in a script - from the front controller to the input forms - and some of the changes he needed to make in the form class itself to handle a few of the trickier parts.